300110536

METHOD AND APPARATUS FOR ENCRYPTING DATA 

The present invention relates to a method and system for encrypting data.

As the use of the Internet has increased so, correspondingly, has interest in 
the availability of services over the Internet. In particular it has become 
commonplace for software distributors to provide web sites where software, 
for example software plug-ins, freeware software, open-source code, and
commercial software can be downloaded. 

However, a problem associated with the downloading of software over the 
Internet is the ability of the downloading party to verify the authenticity of the 
downloaded software. For example, it is desirable for the downloader to be
able to determine whether the downloaded software is in its original form and 
has not been modified or tampered with and/or whether the software 
distributor is licensed to provide the software. 

A solution to this problem has been the use of digital certificates that are used
by the software producers to digitally sign the software; thus allowing the 
downloading party to verify the integrity of the software by verifying that the 
digital signature belongs to the appropriate software producer. 

However, this solution requires that the downloading party maintain a
database of appropriate digital certificates that has to be kept up to date to 
reflect the latest digital certificates. Further, this solution provides no 
opportunity for the software producers to obtain visibility as to who is being 
provided access to their software. 

It is desirable to improve this situation.

In accordance with a first aspect of the present invention there is provided a
computer system comprising a first computer entity for deriving a public key 
using a first data set corresponding to software code or a representation of 
software code provided by a second computer entity and encrypting a second
data set with the public key; communication means for providing the 
encrypted second data set to the second computer entity; wherein a third 
computer entity associated with a third party having rights in the software 
code is arranged to provide to the second computer entity an associated 
private key derived using the first data set to allow decryption of the encrypted
second data set. 

Preferably the second data set is a nonce.

Preferably the first data set is provided via a web site.

Suitably the third party is a software producer.

Preferably the public key is derived using the first data set and a third data 
set.

Suitably the third data set is a random number. 

Preferably the communication means provides the public key to the third 
computer entity to allow validation of the first data set.

Preferably the third computer entity provides the associated private key to the 
second computer entity on validation of the first data set. 

In accordance with a second aspect of the present invention there is provided
a method comprising deriving a public key using a first data set corresponding 
to software code or a representation of software code provided by a second 
party; encrypting a second data set with the public key; providing the
encrypted second data set to the second party; providing to the second party
from a third party having rights in the software code an associated private key
derived using the first data set to allow decryption of the encrypted second
data set.

Preferably the second party is a software distributor. 

For a better understanding of the present invention and to understand how 
the same may be brought into effect reference will now be made, by way of
example only, to the accompanying drawings, in which:- 

Figure 1 illustrates a computer system according to an embodiment of the 
present invention. 

Figure 1 illustrates a computer system 10 according to an embodiment of the 
present invention. Computer system 10 includes a first computer entity 11, a 
second computer entity 12 and a third computer entity 13. Typically the three 
computer entities 11, 12, 13 would be configured on separate computer 
platforms, however the computer entities 11, 12, 13 could be configured on a
single computer platform. For the purposes of this embodiment, however, the
three computer entities 11, 12, 13 are coupled via the Internet 14.

Associated with the third computer entity 13 is a software producer 15 that is 
configured to act as a trust authority 16. The software producer 15 creates
and generates software for distribution to potential users. Additionally, the
software producer, acting as a trust authority 16, makes publicly available the
trust authority's public data 17, as described below. As would be appreciated
by a person skilled in the art the trust authority's public data 17 can be made
available in a variety of ways, for example via a public web site (not shown).

Associated with the second computer entity 12 is a software distributor 18 that
is arranged to distribute software produced by the software producer 15, via a 
web site (not shown), however, as would be appreciated by a person skilled in 
the art the software could be distributed in a variety of ways, for example via 
email.

The first computer entity 11 is configured to allow a user 19 to download 
software from the second computer entity 12 via the website (not shown), 
where the user 19 may, for example use a software plug-in 20 to generate a 
public key, as described below.

The software plug-in 20 may, for example, be obtained from the trust 
authority's web site (not shown) where the plug-in 20 can be installed within 
the customer's web browser (not shown). The plug-in 20 embeds knowledge 
regarding the trust authority's public details N, # 17, as described below.

The plug-in 20 is arranged to calculate a public key for the user 19 in 
accordance with the equations described below. 

To allow the user 19 to verify the authenticity of software available for
downloading from the software distributor's web site (e.g. determine whether 
the software has been modified or tampered with and/or whether the software 
distributor 18 has a licence to distribute the software) the user 19, on 
downloading the software, derives from the software or a representation of the
software (e.g. a hash of the software) a representative digital string of data
bits. This string (i.e. the user's public key) is then used to encrypt a nonce (i.e. 
a random number) selected by the user 19, as described below; however, 
data other than a nonce can be used. This forms the first step in the user 19 
verifying authenticity of the downloaded software. 

The trust authority's public data 17 includes a hash function # and a value N
that is a product of two random prime numbers p and q, where the values of p 
and q are only known to the trust authority. 

The hash function # has the function of taking a string and returning a value in
the range 0 to N. Additionally, the hash function # should have the Jacobi
characteristic $\mathrm{jacobi}(\#, N) = 1$. That is to say, where
$x^2 \equiv \# \bmod N$, $\mathrm{jacobi}(\#, N) = -1$ if x does not exist, and
$= 1$ if x does exist.

The values of p and q should ideally be in the range of $2^{511}$ and $2^{512}$ and
should both satisfy the equation $p, q \equiv 3 \bmod 4$. However, p and q must not
have the same value.

To encrypt each bit M of the nonce the user 19 generates random numbers $t_+$
(where $t_+$ is an integer in the range $[0, 2^N)$) until the user 19 finds a value of
$t_+$ that satisfies the equation $\mathrm{jacobi}(t_+, N) = M$, where M represents the
individual binary digits 0, 1 of the user's data as -1, 1 respectively. The user
19 then computes the value:

$$s_+ = (t_+ + \#(\text{publickeystring})/t_+) \bmod N$$

for each bit M, where $s_+$ corresponds to the encrypted bit of M.

In case #(publickeystring) is non-square the user 19 additionally generates
additional random numbers $t_-$ (integers in the range $[0, 2^N)$) until the user 19
finds one that satisfies the equation $\mathrm{jacobi}(t_-, N) = M$. The user 19 then
computes the value:

$$s_- = (t_- - \#(\text{publickeystring})/t_-) \bmod N$$

for each value of bit M.

The encrypted nonce and public key are made available to the software
distributor 18 by any suitable means, for example via e-mail or by being
placed in an electronic public area.

For the software distributor 18 to recover the associated private key the 
software distributor 18 would, in one embodiment, provide the public key, as 
used by the user 19 to encrypt the nonce, to the trust authority 16 (i.e. the 
version of software or representation of software used by the user to encrypt
the nonce). 

The trust authority 16 determines the associated private key B by solving the
equation:

$$B^2 \equiv \#(\text{publickeystring}) \bmod N$$

If a value of B does not exist, then there is a value of B that is satisfied by the
equation:

$$B^2 \equiv -\#(\text{publickeystring}) \bmod N$$

As N is a product of two prime numbers p, q it would be extremely difficult for 
anyone to calculate the private key B with only knowledge of the public key
string and N. However, as the trust authority 16 has knowledge of p and q (i.e.
two prime numbers) it is relatively straightforward for the trust authority 16 to 
calculate B. 

Any change to the public key will result in a private key that will not decrypt 
the nonce correctly. Therefore, the software distributor cannot alter the
software that the software producer 15 provides and still decrypt the
encrypted nonce and therefore cannot alter the software distributed without
the user 19 realising that the software has been modified. 

If the square root of the encryption key returns a positive value, the user's
data M can be recovered using:

$$M = \mathrm{jacobi}(s_+ + 2B, N)$$

If the square root of the encryption key returns a negative value, the user's
data M can be recovered using:

$$M = \mathrm{jacobi}(s_- + 2B, N)$$

The software distributor 18 uses the appropriate equation above, in
conjunction with the private key, to decrypt the message.

The software distributor 18 can retrieve the private key from the trust authority 
16 offline from the user challenge or online during the user's challenge. 

On decryption of the nonce the software distributor 18 can send the decrypted
nonce back to the user 19, thereby assuring the user that the trust authority
16 has validated the software issued by the software distributor 18 (i.e. the
user's challenge has been successful). Correspondingly, if the public key
information (i.e. the software) has been altered or the software distributor 18
is unlawfully providing the software, the software distributor 18 will be unable
to decrypt the nonce and the user's challenge will be unsuccessful.
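
The challenge described above, carried end to end, as an added example that is not part of the patent text. The toy primes, the counter-based hash into Jacobi symbol +1, and all function names are assumptions, and the trust authority's square root uses the standard closed form for p, q ≡ 3 mod 4, B = a^((N + 5 - p - q)/8) mod N, which the patent does not spell out.

```python
import hashlib, secrets

# Constructed toy modulus (Mersenne primes, both 3 mod 4); real p, q are ~2^512.
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q

def jacobi(a, n):  # Jacobi symbol (a/n) for odd n > 0
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def public_key(software: bytes) -> int:
    """The '#' step. Re-hashing with a counter until jacobi == 1 is an assumption."""
    for ctr in range(2**32):
        h = hashlib.sha256(ctr.to_bytes(4, "big") + software).digest()
        a = int.from_bytes(h, "big") % N
        if jacobi(a, N) == 1:
            return a

def encrypt_bit(bit, a):  # user: (s_plus, s_minus) for one bit, 0 -> -1, 1 -> +1
    m, pair = (1 if bit else -1), []
    for sign in (1, -1):
        t = secrets.randbelow(N - 1) + 1
        while jacobi(t, N) != m:
            t = secrets.randbelow(N - 1) + 1
        pair.append((t + sign * a * pow(t, -1, N)) % N)
    return tuple(pair)

def private_key(a):  # trust authority only (needs P, Q): B^2 = a or -a mod N
    return pow(a, (N + 5 - P - Q) // 8, N)

def decrypt_bit(pair, a, b):  # distributor: s_plus if B^2 = a, else s_minus
    s = pair[0] if (b * b - a) % N == 0 else pair[1]
    return 1 if jacobi(s + 2 * b, N) == 1 else 0

def challenge(downloaded, licensed, bits=64):  # True if the nonce comes back
    nonce = [secrets.randbelow(2) for _ in range(bits)]
    a_user = public_key(downloaded)
    ct = [encrypt_bit(m, a_user) for m in nonce]
    a = public_key(licensed)
    b = private_key(a)
    return [decrypt_bit(c, a, b) for c in ct] == nonce
```

When the downloaded bytes match the release the trust authority issued a key for, the nonce is recovered; when they differ, B is a square root of the wrong hash and the decrypted bits are effectively random.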

Further, the public key derived from the software could be made dependent 
on dynamic information, for example time and/or a random number. In this 
case the verification of the software (i.e. the private key being issued to the
software distributor 18 by the trusted authority 16) must be done every time
the user 19 wishes to verify the software issued by the software distributor 18.
This will directly involve the trust authority 16 in the challenge loop: this allows
the trust authority 16 to accumulate evidence about misbehaviour both of
certified and fake software distributors. This will also prevent situations
involving misuses of the schema.

Additionally, the use of dynamic information will prevent the use of inaccurate 
information that was valid at the time of initial certification from being used 
fraudulently (e.g. prevent a software distributor from continuing to distribute 
software once a licence has expired).

Additionally, the trust authority 16 could have multiple public details. For 
example each "public detail" could be associated to a particular class of 
consumers. A consumer could be aware just of a subset of these public 
details.

This could allow the trust authority 16 to gather detailed information about 
categories of users of its service. 

Additionally, the communication between the various parties can make use of
standard protocols such as HTTP and SOAP. Further, where required, secure
connections can be established using secure protocols such as SSL.



CLAIMS

1. A computer system comprising a first computer entity for deriving a
public key using a first data set corresponding to software code or a
representation of software code provided by a second computer
entity and encrypting a second data set with the public key;
communication means for providing the encrypted second data set
to the second computer entity; wherein a third computer entity
associated with a third party having rights in the software code is
arranged to provide to the second computer entity an associated
private key derived using the first data set to allow decryption of the
encrypted second data set.

2. A computer system according to claim 1, wherein the second data
set is a nonce.

3. A computer system according to claim 1 or 2, wherein the first data
set is provided via a web site.

4. A computer system according to any preceding claim, wherein the
third party is a software producer.

5. A computer system according to any preceding claim, wherein the
public key is derived using the first data set and a third data set.

6. A computer system according to claim 5, wherein the third data set
is a random number.

7. A computer system according to any preceding claim, wherein the
communication means provides the public key to the third computer
entity to allow validation of the first data set.

8. A computer system according to claim 7, wherein the third computer
entity provides the associated private key to the second computer
entity on validation of the first data set.

9. A method comprising deriving a public key using a first data set
corresponding to software code or a representation of software
code provided by a second party; encrypting a second data set with
the public key; providing the encrypted second data set to the
second party; providing to the second party from a third party having
rights in the software code an associated private key derived using
the first data set to allow decryption of the encrypted second data
set.

10. A method according to claim 9, wherein the second data set is a
nonce.

11. A method according to claim 9 or 10, wherein the first data set is
provided via a web site associated with the second party.

12. A method according to any of claims 9 to 11, wherein the third party
is a software producer.

13. A method according to any of claims 9 to 12, wherein the second
party is a software distributor.

14. A method according to any of claims 9 to 13, wherein the public key
is derived using the first data set and a third data set.

15. A method according to claim 14, wherein the third data set is a
random number.

16. A method according to any of claims 9 to 15, further comprising
providing the public key to the third party to allow validation of the
first data set.

17. A method according to claim 16, wherein on validation of the first
data set the third party provides the associated private key to the
second party.

ABSTRACT

METHOD AND APPARATUS FOR ENCRYPTING DATA

A computer system comprising a first computer entity for deriving a public key
using a first data set corresponding to software code or a representation of
software code provided by a second computer entity and encrypting a second
data set with the public key; communication means for providing the
encrypted second data set to the second computer entity; wherein a third
computer entity associated with a third party having rights in the software
code is arranged to provide to the second computer entity an associated
private key derived using the first data set to allow decryption of the encrypted
second data set.